For my blogger friends: Canada’s new anti-spam law

So I’m taking off my foodie hat and putting on my lawyer hat today, to talk about Canada’s new anti-spam laws! Exciiiiting, right? Those of you who come for the recipes, I apologize. This is just a short little break from regularly scheduled programming, and I will be back with food stuff, I promise!

If you are still reading, then you are probably a blogger type or a web type, or else just really really bored and looking for something to read. For those in the latter category, might I suggest this.

For those in the former category, welcome! If you are confused or panicked or just plain curious about the new anti-spam law, and how it might affect your blogging activities, you have come to the right place!

Now before I begin, a disclaimer: I ain’t your lawyer, and this is not legal advice, y’hear? This is what we call legal information. If you have questions about how the new law applies to your particular circumstances, or you find yourself caught in an anti-spam pickle, you will need to retain a lawyer to help you.

With that out of the way, let’s get on with what will hopefully be the quickest and dirtiest, but most helpfully simplified, summary of the anti-spam law that you will find on the interwebs.

“Anti-spam”? What you talkin’ about Willis?!

Yes, anti-spam. Canada has a new anti-spam law that goes into effect July 1, 2014. The new law has a few different parts, but the most important part for bloggers? No sending emails without consent. You got that? I repeat: NO SENDING EMAILS WITHOUT CONSENT. And by emails I mean not just *emails* but text messages and messages sent through social media platforms (like Facebook and Twitter) too. The law calls these “commercial electronic messages”. No sending commercial electronic messages without consent! Write that on your hand.

And when you do send these “commercial electronic messages”, you’ve also got to make sure that the message you are sending meets a few simple form and content requirements. (More about that later.)

What happens if you break this new law? You can get fined up to $1 million (for individuals; $10 million for corporations). Yikes!

So what the heck is “consent” and how do I get it?

Good question. The most important thing is that (subject to a few exceptions, which I will talk about in a bit) the consent must be EXPRESS. The subscriber/reader must opt-in to receiving your messages. This means no already-ticked check boxes, and no “thanks for purchasing the world’s best dog bone; we’ve added you to our database!”. You can only send messages to folks who have actively taken some step to say YES, I want to get your messages.

When you ask folks for express consent, the law says you must tell them the following: (1) the purpose for which you are seeking their consent (i.e. what do you want to send them?), (2) the name of the person or business asking for the consent, (3) the mailing address and either a phone number, email address or web address of the person or business asking for consent, and (4) a statement that the person can withdraw their consent at any time.

And…what about these “exceptions” to express consent?

There are a few situations in which you can send a message without express consent. I won’t cover all the exceptions, as that would bore you to death make this article way way too long, but here are some of the important ones for bloggers:

Where the message is not commercial in nature. Remember, the law only applies to commercial electronic messages. If your blog is totally educational, and you aren’t making a cent on advertising, sponsorship, or otherwise, it’s arguable that the law doesn’t apply to your messages. Arguable. (Don’t you just love lawyers?) When in doubt, get consent. Do it.

Where you have a “personal relationship” or a “family relationship” with the recipient. Yes, your mother-in-law can email you without obtaining your express consent. Sorry.

Where you are sending a message through an “electronic messaging service” (e.g. a social media platform) that has its own “unsubscribe” mechanism and the person you are sending the message to “consents to receive it either expressly or by implication”. This is a bit of a head-scratcher, but at least makes it clear that we don’t need to add an unsubscribe mechanism when we send Facebook messages!

Where the consent can be IMPLIED. In some cases, even though the anti-spam law applies and you need consent, you can rely on implied consent instead of express consent. A couple of the important situations in which implied consent will be sufficient:

Where you have an existing business relationship with the recipient. If you and the recipient have engaged in certain types of business activities (example: the recipient purchased a product or service from you) at some point in the last two years, or the recipient made an email inquiry at some point in the last six months, then you’ve got something called implied consent and you don’t need express consent. The crappy thing about implied consent is that it’s time-limited; it does not last forever! Express consent is way better—it lasts until the recipient withdraws the consent (i.e. unsubscribes). But the great thing about implied consent is that you can use the implied consent as permission to send an email asking the person to grant express consent. Does your head hurt yet? Sorry. Keep on reading down to “Do I need to obtain consent from my existing subscribers?” and this will all become a little clearer.

Where the recipient has “conspicuously published” his/her email address (e.g. on a website) or disclosed it to you (e.g. on a business card), without any indication that emails are unwelcome. Consent is implied here too. So if a PR company says “contact us at info@prgenius.com for more information about media opportunities” or a brand says “we love to hear from you; drop us a note at contact@awesomedogbones.com”, or a blogger at a conference gives you a business card for their consulting business, you can send an email without express consent. Provided, of course, that the email relates to the service or product on offer. (No emails about, you know, “enlargement” or anything like that.)

Do I need to obtain consent from my existing subscribers?

In the past couple of weeks, you’ve probably received your fair share of “Please confirm that you’d like to continue to receive emails from us” emails. And you may be wondering: S*#t! Do I have to do that?

The answer (wait, wait, wait for it): you might. Doh!

Whether or not you need to reach out to your list to confirm consent (i.e. to get express consent) depends on how you got these email addresses in the first place. In my case, all my subscribers joined my list through a double opt-in process (kinda like this one). That is, they opted in first by entering their email address on my site, and second by confirming their subscription by email. My email service provider does this for me. I’m pretty satisfied that all of these subscribers have granted their express consent. Clap, clap, clap!

Now, it would be a different story if some or all of my subscribers had come to me via some other route. For example, if they had purchased a product or service from me, or made an email inquiry at some point in the past, or given me a business card at an event. I might have implied consent for some of these folks; for others I might have no consent. (Remember, implied consent is time-limited. If they came to be on my list as a result of a business relationship that ended three years ago, there is no implied consent.) So I could try to separate my list into (1) people who have given express consent, (2) people who have given implied consent, and (3) people who have not given consent (or for whom implied consent has expired). OR, I could save a lot of time and just email my whole list to get their express consent. This is what many large companies seem to be doing.

The downside to doing that? You may end up with a list that is the fraction of the size it used to be. The upside? You will know that those who are on the list really do want to hear from you. Sure, you’re making your list smaller, but you’re also making it better :-).

One last thing on this: it appears that my express consents will still be valid after July 1, 2014, even though I DID NOT include all the required information when requesting the consents (e.g. I have never had on my site any statement that subscribers can withdraw their consent at any time). However, come July 1, I will have to make sure that all my requests for consent contain this information.

If you are going to send an email to confirm your subscribers, make sure you do it before the law comes into effect on July 1. Because a mere request for consent is itself a commercial electronic message that, under the new law, cannot be sent without consent. Ack!

Does this new law apply to all email addresses everywhere in the world?

No. Well, not really. The law applies to all commercial electronic messages sent or accessed using a computer located in Canada. BUT…the law does NOT apply if you are sending a message that you “reasonably believe” will be accessed in one of the foreign countries listed here (it’s a LONG list), provided you make sure that the message conforms to the law of that foreign state. So if you are sending emails to subscribers in Botswana, Namibia or—more likely—the USA, then it’s time to start reading up their anti-spam laws. (This is the part that makes me want to crawl under a very large rock.)

And what about these form and content requirements?

I mentioned the form and content requirements. All messages to which the law applies must meet some specific form and content requirements. So make your messages exciting, compelling, graphic, and all that good stuff. But before you send them, make sure they also include the following:

(1) the name of the person or business sending the message;

(2) the mailing address and either a telephone number, email address or web address of the person or business sending the message; and

(3) an unsubscribe mechanism that is totally free and valid for at least 60 days.

If you work out of a home office, you do NOT need to disclose your home address to meet these requirements. You can use a PO box or general delivery address instead.

Still confused?

If you take only one thing away from this article, make it this: if you want to send commercial electronic messages, you need to (1) get consent, (2) identify yourself and your business in the request for consent and in all messages, and (3) make it possible for people to unsubscribe. That’s the gist.

I don’t make any money off my blog and I’m not a big corporation…it seems odd that I would have to give all my subscribers my personal address. I actually don’t really like that.
If I had an office and I was making billions off my blog then I would have no problem with it but I don’t see any real reason why my readers would want to know my home address.

Thanks for the post though, I’ve been avoiding ‘doing the dirty work’ ie reading the law mumbo jumbo regarding the new anti spam laws ON PURPOSE. Your post I actually read 😉

Awesome summary!
If you are going the business card route – you may want to record when you received the business card. Grab a smartphone app that includes a date/time stamp (CardMunch was awesome for this, but it is being discontinued) and you are pretty much, good to go.

When emailing it is sometimes difficult to determine where the computer is that is ‘doing the emailing’. Cloud services mean that the server could be in the US, or somewhere else and you likely don’t know where. Realistically, if you are in Canada and creating parts of the campaign in Canada, or setting up the campaign from Canada, even though the server is in the US, you’d likely be treated as a Canadian, with CASL applying. Best bet, hire a lawyer to figure out where the heck you are and if you are ‘Canadian’ in your email activities.

Couple of watch outs – if you were a good little emailer and adhering to CAN SPAM then some of the changes you should be aware of:
*Unsubscribe links must work for 30 days under Can Spam, it is now 60 days under CASL
*Tied selling/Cross Selling – If you send out a confirmation message (thanks for your order/registration) you can’t include content of a commercial nature i.e. you should buy this thing, as that now turned a transactional email into a marketing/commercial message.
*CAN SPAM relates to email only, CASL relates to all electronic messages

Look at that, when I’m asked to “Submit Comment”, there is a little box that I need to check if I want to be added to your mailing list…

Thanks for taking the time to spell this for all of us! I’m new to the game and appreciate the plain speak. Not something I have to worry about at this time, but glad to have a heads up if I even enter the ring.

Big thanks, you just helped me a tonne! A lot. Hugely. Heaps. Did I mention that I really appreciate this “legal info”? I do. Not kidding. This is not spam, it’s heartfelt feedback. Seriously — thanks for taking time to post and clarify for those of us with our heads in the sand 😉

Thank you so so much for this Sarah! It helped to clarify this very confusing (and annoying law!). So as I understand it, I do not have to send out a “please continue to subscribe – click here” type email if my list was obtained through a double-opt-in list management system (ie: Mailchimp sign-up form on my website) since the act of double-in in itself expresses consent…? Correct? Please say yes! 🙂